Automating the Compliance Process

Take a more proactive approach to managing the complexity of compliance.

When most people talk about governance, risk management and compliance, the conversation usually starts with securing the data. After all, that's the reason we invest in all this GRC stuff.

But when you think about GRC from the data up, an interesting problem emerges. Most of the compliance regulations are focused on trying to make sure that some process or activity is actually secure and not open to abuse. Because of that process focus, most organizations have incurred a lot of expense trying to manually secure these processes and then manually auditing the controls they have put in place.

The folks at Oracle, however, are making a case for the automation of the entire compliance process, which should go a long way to reduce the cost of compliance. According to Chris Leone, group vice president for Oracle applications development, most regulations have been in place long enough that it's possible to automate the controls associated with them.

For instance, compliance regulations often call for segregation of duties among company personnel. Instead of manually checking that, customers can invoke Oracle GRC Controls to identify any conflicts. This week Oracle released version 8.6 of Oracle GRC Controls, which among other things adds the ability to identify risk-laden processes, simpler implementation tools, incident management tools and the ability to work with a broader array of non-Oracle applications.

Of course, organizations will incur a one-time expense to upgrade to the level of applications required to automate the GRC process. But when you consider the ongoing expense of manual compliance efforts, those costs don't seem quite so high. And Leone reports that compliance controls are a key driver for application upgrades these days, which would seem to imply that a lot of people are already moving toward GRC automation.

These days, there's little reason to do anything associated with information manually. So if the cost of compliance is driving you crazy, chances are that the problem lies with the processes you're using rather than the actual regulation.